| 268551 | 6.1 | MEDIUM, Network | marked_project | marked | marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content i… | CWE-79: Cross-site Scripting | CVE-2016-10531 | 2024-11-21 11:44 | 2018-06-1 |
| 268552 | 5.9 | MEDIUM, Network | airbrake | airbrake | The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often contain secret keys and other sensitive values. A malicious user could… | CWE-310, CWE-200: Cryptographic Issues, Information Exposure | CVE-2016-10530 | 2024-11-21 11:44 | 2018-06-1 |
| 268553 | 8.8 | HIGH, Network | droppy_project | droppy | Droppy versions <3.5.0 do not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the current… | CWE-352: Origin Validation Error | CVE-2016-10529 | 2024-11-21 11:44 | 2018-06-1 |
| 268554 | 4.9 | MEDIUM, Network | restafary_project | restafary | restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it … | CWE-22: Path Traversal | CVE-2016-10528 | 2024-11-21 11:44 | 2018-06-1 |
| 268555 | 8.8 | HIGH, Network | express-restify-mongoose_project | express-restify-mongoose | express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send… | CWE-200: Information Exposure | CVE-2016-10533 | 2024-11-21 11:44 | 2018-06-1 |
| 268556 | 9.8 | CRITICAL, Network | console-io_project | console-io | console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the con… | CWE-287: Improper Authentication | CVE-2016-10532 | 2024-11-21 11:44 | 2018-06-1 |
| 268557 | 7.5 | HIGH, Network | riot.js | riot-compiler | riot-compiler version 2.3.21 has an issue in a regex (catastrophic backtracking) that makes it unusable under certain conditions. | CWE-399: Resource Management Errors | CVE-2016-10527 | 2024-11-21 11:44 | 2018-06-1 |
| 268558 | 8.6 | HIGH, Network | grunt-gh-pages_project | grunt-gh-pages | A common setup to deploy to gh-pages on every commit via a CI system is to expose a GitHub token to ENV and to use it directly in the auth part of the URL. In module versions < 0.9.1 the auth portion… | CWE-255, CWE-532: Credentials Management, Inclusion of Sensitive Information in Log Files | CVE-2016-10526 | 2024-11-21 11:44 | 2018-06-1 |
| 268559 | 8.2 | HIGH, Network | i18n-node-angular_project | i18n-node-angular | i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not … | CWE-400: Uncontrolled Resource Consumption | CVE-2016-10524 | 2024-11-21 11:44 | 2018-06-1 |
| 268560 | 7.5 | HIGH, Network | mqtt-packet_project | mqtt-packet | MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. | CWE-119: Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-10523 | 2024-11-21 11:44 | 2018-06-1 |